IETF Logo Mail Archive

[regext] AD review of draft-ietf-regext-unhandled-namespaces-06

Barry Leiba <barryleiba@computer.org> Fri, 22 January 2021 19:23 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: regext@ietfa.amsl.com
Delivered-To: regext@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 742763A1463; Fri, 22 Jan 2021 11:23:18 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.403
X-Spam-Level:
X-Spam-Status: No, score=-1.403 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.249, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.248, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z9HxWIAwv_0x; Fri, 22 Jan 2021 11:23:17 -0800 (PST)
Received: from mail-lj1-f177.google.com (mail-lj1-f177.google.com [209.85.208.177]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D811D3A144E; Fri, 22 Jan 2021 11:23:13 -0800 (PST)
Received: by mail-lj1-f177.google.com with SMTP id l12so5262431ljc.3; Fri, 22 Jan 2021 11:23:13 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc :content-transfer-encoding; bh=jcaUsQTGH5AllrOEgfyhD9ESCZy1e/5QQK0DA7NLpK8=; b=AZ2isod3GdWuX3oLPdQ9AQW1Yk1AYUKySy7XHM84tSPEry6Lkma7zANBNIL6woFl2M G86Zyo/H5vjlesutigxVluQnBhcC9Ma640FrVRDKl3QOva7C+so/ZKkH7wmOAiS4dX7B yO2DuazkMnMQs4m5venatTTaPPgI/b9nAlRFVw7i+FljLVeFUyWpikzNWaNGdrwrpkp8 +yJMGP16QXADPQFX2tb/TAp0w/HWKWjqyR/KdnNYk3uu7rIzYNj4uqp7xkMtWNcXGg7M 55Hw5SsyrZCOAPeRCCJuKvQMCfSW+cOVyyAgHeqncz7WCNV+9OTp6f1tF8VuRDTKbzDW lrhw==
X-Gm-Message-State: AOAM533g+96ym9nwruc/1IEZ1UzvjUXI21lx36knJtDNaHmaIPXNEC40 7GbZRvH4kMyzcFYXv9z/qR82mKkKo2gTfgQy2DnGPVA3f0E=
X-Google-Smtp-Source: ABdhPJztQym927xaRLbWKL+Lbgb8FLNIQjxKn8p5wL0G+CfX9zEPCjkLQilin20hDAxsloDuEuGHwjrC+pHl8tHeo7c=
X-Received: by 2002:a2e:96c5:: with SMTP id d5mr620958ljj.65.1611343391197; Fri, 22 Jan 2021 11:23:11 -0800 (PST)
MIME-Version: 1.0
From: Barry Leiba <barryleiba@computer.org>
Date: Fri, 22 Jan 2021 14:22:59 -0500
Message-ID: <CALaySJ+6atC5oy1OoBFa=HH9bxmuOjayO7Otq=Yg8_m4sBcxkQ@mail.gmail.com>
To: draft-ietf-regext-unhandled-namespaces.all@ietf.org
Cc: regext <regext@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/regext/Dq4Y9hXqzXCJr2f46kUrVkDkXt8>
Subject: [regext] AD review of draft-ietf-regext-unhandled-namespaces-06
X-BeenThere: regext@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Registration Protocols Extensions <regext.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/regext>, <mailto:regext-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/regext/>
List-Post: <mailto:regext@ietf.org>
List-Help: <mailto:regext-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/regext>, <mailto:regext-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Jan 2021 19:23:19 -0000

Thanks for the publication request for this document; here's my AD
review.  None of this is a big thing, just some easy tweaks.  It will
need a revised I-D, though, so I'll set the substate accordingly.

The Abstract goes into more detail than the Abstract needs to or
should.  The Introduction correctly explains the details, but the
Abstract shouldn’t.  I suggest trimming the Abstract thus (but please
do use your judgment on this):

NEW
   The Extensible Provisioning Protocol (EPP), as defined in RFC 5730,
   includes a method for the client and server to determine the objects
   to be managed during a session and the object extensions to be used
   during a session.  The services are identified using namespace URIs,
   and an “unhandled namespace” is one that is associated with a service
   not supported by the client in question.  This document defines an
   operational practice that enables the server to return information
   associated with unhandled namespace URIs that is compliant with the
   negotiated services defined in RFC 5730.
END

— Section 1.1 —

Please use the new BCP 14 boilerplate and add a normative reference to RFC 8174.

   Indentation and white space in examples are provided only to
   illustrate element relationships and are not a REQUIRED feature of
   this protocol.

That’s not a BCP 14 usage of “required”, and should be in lower case.

— Section 3 —

       XML processing of the <value> element is
       disabled in [RFC5730],

Where and how is this stated in 5730?  I can’t find anything, but
perhaps I just don’t know where to look.  It would be good to add a
section number to the citation.

— Section 8.2 —

Please change the Registrant Name to “IETF” (you may leave the email
address as it is), as that’s how the IESG prefers to designate it (the
IETF

— Section 10 —

Nit: make it “This document does not provide…”

That aside, I would be surprised if we don’t get some pushback about
this section, so maybe we should think about it a bit more.  I accept
that there are likely no security issues raised by this operational
practice, but it would be good to address that more directly.  This is
proposing that a server return information to a client that indicates
that the server believes a particular service is not supported by the
client.  You should call that out, and consider whether that could
expose anything that could be used by an attacker — or that could be
misused to create an attack.  Or, could an attacker do something
related to this practice that would allow it to disrupt some
legitimate communication?

The answer to all of that might be “no”, but it would be good to… as
we used to say in school, show your work.

-- 
Barry

v2.23.0 | Report a Bug | By Email